Package: mount Version: 2.5j-1 I don't know if we have this problem currently, but I'd appreciate it if you'd check.
------- Forwarded transaction [8323] [EMAIL PROTECTED] (Theodore Y. Ts'o) Consulting_FYI 08/13/96 19:59 (73 lines) Subject: [linux-security] Vulnerability in ALL linux distributions Date: Tue, 13 Aug 1996 19:58:59 -0400 From: "Theodore Y. Ts'o" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] FYI. ------- Forwarded Message Date: Tue, 13 Aug 1996 06:49:55 +0200 From: bloodmask <[EMAIL PROTECTED]> Organization: CoViN X-Mailer: Mozilla 3.0b5a (X11; I; Linux 2.0.0 i586) Mime-Version: 1.0 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [linux-security] Vulnerability in ALL linux distributions Content-Type: multipart/mixed; boundary="------------3E2982D84A560D2D9A831FA" Sender: [EMAIL PROTECTED] Precedence: list This is a multi-part message in MIME format. --------------3E2982D84A560D2D9A831FA Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Greetings folks, Sorry we haven't released this thing sooner, due to testing we've conducted to determine vulnerability on other systems besides Linux, I've attached the officail release, Patch this up quick, and if I were you, I wouldn't trust those old binaries to be secure anymore, this thing has been with Linux since it's beggining, at it's high time this "feature" is removed. --------------3E2982D84A560D2D9A831FA Content-Type: text/plain; charset=us-ascii; name="cvnmount.exploit" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="cvnmount.exploit" Covin Security Releases: (mount bufferoverflow exploit v1.0) Tested operated systems: All current distributions of Linux Affect: Local users on systems affected can gain overflow mounts syntax buffer and execute a shell by overwriting the stack. Affected binaries: (/bin/mount and /bin/umount) Workaround: On all current distributions of Linux remove suid bit of /bin/mount and /bin/umount. [chmod -s /bin/mount;chmod -s /bin/umount] Remarks: For gods sake, how many more times are we gonna see this kind of problem? It's been with Linux since it's very beggining, and it's so easy to exploit. Similiar buffer overflow vulnerabilities have been found in Linux distributions many times before, splitvt, dip, just to name a few examples. Any remarks, notes or other forms of feedback may be redirected to: [EMAIL PROTECTED] [Mod: This exploit has already been posted to Bugtraq. --Jeff.] --------------3E2982D84A560D2D9A831FA-- ------- End Forwarded Message --[8323]-- ------- End forwarded transaction
